CVE-2016-4977

Published May 25, 2017

Last updated a year ago

CVSS high 8.8

Overview

Description: When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type.
Source: security_alert@emc.com
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 6.5
Impact score: 6.4
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-19

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:pivotal:spring_security_oauth:1.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "684631F6-F8D4-48B7-98F2-BDA9C39083C6"
          },
          {
            "criteria": "cpe:2.3:a:pivotal:spring_security_oauth:1.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3701D619-31DF-4731-834C-6155BC7E5107"
          },
          {
            "criteria": "cpe:2.3:a:pivotal:spring_security_oauth:1.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53930533-8F2C-4935-B4D2-F1A878960A2E"
          },
          {
            "criteria": "cpe:2.3:a:pivotal:spring_security_oauth:1.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C32C17C5-899E-4BB4-8D58-113F1D09DAE9"
          },
          {
            "criteria": "cpe:2.3:a:pivotal:spring_security_oauth:1.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5F1F3A6-5484-496F-8EAA-B7A057D6DB3B"
          },
          {
            "criteria": "cpe:2.3:a:pivotal:spring_security_oauth:1.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5198701E-7773-431C-91BC-7851EC29FCF5"
          },
          {
            "criteria": "cpe:2.3:a:pivotal:spring_security_oauth:2.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF512340-8A4B-4490-AA61-D75C5887BFEB"
          },
          {
            "criteria": "cpe:2.3:a:pivotal:spring_security_oauth:2.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FFC58F72-A9EF-4E98-98B1-4A1F002CF219"
          },
          {
            "criteria": "cpe:2.3:a:pivotal:spring_security_oauth:2.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "90038376-4DE6-45AD-AE66-15A303968A52"
          },
          {
            "criteria": "cpe:2.3:a:pivotal:spring_security_oauth:2.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ABA9D0E0-4CE5-4F2D-8CF4-C56AEDB6B93B"
          },
          {
            "criteria": "cpe:2.3:a:pivotal:spring_security_oauth:2.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "47E67BE8-5FCB-4AE8-AF43-3D54DB4B1101"
          },
          {
            "criteria": "cpe:2.3:a:pivotal:spring_security_oauth:2.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "550C588E-D34C-4875-9C19-3D83699E672D"
          },
          {
            "criteria": "cpe:2.3:a:pivotal:spring_security_oauth:2.0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B7396259-1CDD-4EC4-B80C-C390E369E5BA"
          },
          {
            "criteria": "cpe:2.3:a:pivotal:spring_security_oauth:2.0.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FB6BB413-E1F7-4B8F-8BD0-A1D4C2A8A77C"
          },
          {
            "criteria": "cpe:2.3:a:pivotal:spring_security_oauth:2.0.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6CAAB3A1-EF4D-4FB2-AEBB-758895FD0B48"
          },
          {
            "criteria": "cpe:2.3:a:pivotal:spring_security_oauth:2.0.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7698A791-1A65-4D5B-B102-650EE874F48C"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References